Quoting Josh Kelley <[EMAIL PROTECTED]>: > I realize this is a bit OT, but I've seen SBL recommended here before, > and I'm not sure where else to ask... > > I'm trying to reconfigure our mail server to start blocking spam instead > of tagging it with SpamAssassin and trusting our users to set up their > own filters based on SpamAssassin. Blocking messages based on the SBL > seemed like a good first step. In the week or so since I've started > using the SBL, it's caught about half of the incoming mail to our > campus, but it's also caused 4-5 false positives (a spammer's company > that happens to put out a good newsletter, legitimate mailing lists > hosted by spammers, a legitimate company that uses a spam-friendly ISP > as their hosting provider). This surprised me, since I was under the > impression that the SBL was probably the most trusted and most > conservative of the blacklists. > > Should I give up on blocking via the SBL? Or should I just accept that > if I'm going to block mail, I'm going to block a few legitimate ones by > mistake? I know that others on this list use the SBL - have you had any > similar problems? >
Hi Josh, I use DNSBLs like this: I have a list of 15 most popular DNSBLs and check relay IP address to ALL of them, then I reject a message if that IP address is listed in 2 (or 3, or 5, it's up to you to decide) or more of them. I think that will decarease FPs to almost 0%. But will not catch those ones that are listed in lass than 2 (or 3, or 5, etc.) DNSBLs. It works pretty good for me. I hope that will help you. Dmitry _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
